provectus / kafka-ui

Open-Source Web UI for Apache Kafka Management
Apache License 2.0
9.78k stars 1.18k forks

Error when trying to change broker properties #3845

Open sm-shevchenko opened 1 year ago

sm-shevchenko commented 1 year ago


Describe the bug (actual behavior)

On the broker properties editing page, after changing some of them, the following error occurs: [screenshot: scr3]

In this case, the path to the jks-file matches the one specified in the KafkaUI parameters and the file is available: [screenshot: image]

At the same time, when trying to change other properties, an error of a different type occurs: [screenshot: scr2]

Expected behavior

There should be no errors when accessing the Kafka broker, since the SSL certificate storage file is specified correctly in the KafkaUI parameters and the broker is available to KafkaUI via a secure connection. If the parameter cannot be changed, then it will probably be more correct to process such attempts and display not a 'Bad request' error message, but a notification that the parameter cannot be changed. Otherwise, it is not clear what the root problem is: the incorrect operation of KafkaUI, insufficient rights to edit parameters, or incorrect Kafka settings.

Your installation details

KafkaUI - fdd9ad9 11.05.2023, 17:02:15

KafkaUI startup script with configuration parameters:

export DYNAMIC_CONFIG_ENABLED='false'
export SECURITY_BASIC_ENABLED='false'

export SERVER_PORT='8080'
export SERVER_SSL_ENABLED='true'
export SERVER_SSL_KEY_STORE_TYPE='JKS'
export SERVER_SSL_KEY_STORE='/opt/sslpki/keystore.jks'
export SERVER_SSL_KEY_STORE_PASSWORD='***'

export AUTH_TYPE='LDAP'
export SPRING_LDAP_URLS='ldaps://...com:3269 ldaps://...com:3269'
export SPRING_LDAP_BASE='DC=,DC=,DC=com'
export SPRING_LDAP_USER_FILTER_SEARCH_BASE='DC=,DC=,DC=com'
export SPRING_LDAP_USER_FILTER_SEARCH_FILTER='(&(sAMAccountName={0})(|(memberOf=CN=kafka-admin,OU=Service,DC=,DC=,DC=com)(memberOf=CN=admin,OU=Service,DC=,DC=,DC=com)))'
export SPRING_LDAP_ADMIN_USER='CN=ldap-user,OU=Service,DC=,DC=,DC=com'
export SPRING_LDAP_ADMIN_PASSWORD=''

export KAFKA_CLUSTERS_0_METRICS_PORT='9094'
export KAFKA_CLUSTERS_0_METRICS_SSL='false'
export KAFKA_CLUSTERS_0_METRICS_TYPE='false'

export KAFKA_CLUSTERS_0_NAME='KAFKATS_TEST'
export KAFKA_CLUSTERS_0_READONLY='false'
export KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS='kafka-tst...com:9093'
export KAFKA_CLUSTERS_0_ZOOKEEPER='kafka-tst...com:2182'

export KAFKA_CLUSTERS_0_SSL_TRUSTSTORELOCATION='/disk01/kafka-ui-api-v0.7.0/keystore.jks'
export KAFKA_CLUSTERS_0_SSL_TRUSTSTOREPASSWORD='***'

export KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL='SASL_SSL'
export KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM='GSSAPI'
export KAFKA_CLUSTERS_0_PROPERTIES_SASL_KERBEROS_SERVICE_NAME='kafkats'
export KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG='com.sun.security.auth.module.Krb5LoginModule required serviceName="kafkats" useKeyTab=true storeKey=true keyTab="/disk01/kafka-ui-api-v0.7.0/kafka-tst.keytab" principal="kafkats/kafka-tst..*.com@..COM";'
export KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_TYPE='JKS'
export KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_LOCATION='/opt/sslpki/keystore.jks'
export KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_PASSWORD=''
export KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEY_PASSWORD=''
export KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_TYPE='JKS'
export KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION='/opt/sslpki/keystore.jks'
export KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD='**'
export KAFKA_CLUSTERS_0_PROPERTIES_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=''

export KAFKA_CLUSTERS_0_SCHEMAREGISTRY='https://kafka-tst.*..com:8081'
export KAFKA_CLUSTERS_0_SCHEMAREGISTRYSSL_KEYSTORELOCATION='/opt/sslpki/keystore.jks'
export KAFKA_CLUSTERS_0_SCHEMAREGISTRYSSL_KEYSTOREPASSWORD=''
export KAFKA_CLUSTERS_0_SCHEMAREGISTRYSSL_KEYPASSWORD=''
export KAFKA_CLUSTERS_0_SCHEMAREGISTRYSSL_TRUSTSTORELOCATION='/opt/sslpki/keystore.jks'
export KAFKA_CLUSTERS_0_SCHEMAREGISTRYSSL_TRUSTSTOREPASSWORD='***'

export JAVA_OPTS=" -Dzookeeper.client.secure=false -Dzookeeper.ssl.client.enable=false -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStore=/opt/sslpki/keystore.jks -Djavax.net.ssl.keyStorePassword= -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStore=/opt/sslpki/keystore.jks -Djavax.net.ssl.trustStorePassword=="
export JAVA_OPTS="$JAVA_OPTS -Xms2g -Xmx4g -Djava.awt.headless=true --add-opens java.rmi/javax.rmi.ssl=ALL-UNNAMED"

cd /disk01/kafka-ui-api-v0.7.0
nohup /opt/java/jdk-17.0.3.1/bin/java $JAVA_OPTS -jar /disk01/kafka-ui-api-v0.7.0/kafka-ui-api-v0.7.0.jar>/disk01/kafka-ui-api-v0.7.0/kafkaui-console.log 2>&1 &

Steps to reproduce

Start KafkaUI without Docker with startup parameters similar to mine and try to edit similar Kafka broker parameters.

Screenshots

No response

Logs

1. com.provectus.kafka.ui.exception.InvalidRequestApiException: Invalid config value for resource ConfigResource(type=BROKER, name='1'): Validation of dynamic config update of SSLFactory failed: org.apache.kafka.common.KafkaException: Failed to load SSL keystore /opt/sslpki/keystore.jks of type JKS
    at com.provectus.kafka.ui.service.BrokerService.lambda$updateBrokerConfigByName$11(BrokerService.java:108)
    at reactor.core.publisher.Mono.lambda$onErrorResume$29(Mono.java:3849)
    at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94)
    at reactor.core.publisher.MonoFlatMap$FlatMapMain.secondError(MonoFlatMap.java:241)
    at reactor.core.publisher.MonoFlatMap$FlatMapInner.onError(MonoFlatMap.java:315)
    at reactor.core.publisher.MonoPublishOn$PublishOnSubscriber.run(MonoPublishOn.java:187)
    at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:68)
    at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:28)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.lang.Thread.run(Thread.java:833)

2. com.provectus.kafka.ui.exception.InvalidRequestApiException: Invalid config value for resource ConfigResource(type=BROKER, name='1'): Cannot update these configs dynamically: Set(replication.quota.window.size.seconds)
    at com.provectus.kafka.ui.service.BrokerService.lambda$updateBrokerConfigByName$11(BrokerService.java:108)
    at reactor.core.publisher.Mono.lambda$onErrorResume$29(Mono.java:3849)
    at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94)
    at reactor.core.publisher.MonoFlatMap$FlatMapMain.secondError(MonoFlatMap.java:241)
    at reactor.core.publisher.MonoFlatMap$FlatMapInner.onError(MonoFlatMap.java:315)
    at reactor.core.publisher.MonoPublishOn$PublishOnSubscriber.run(MonoPublishOn.java:187)
    at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:68)
    at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:28)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.lang.Thread.run(Thread.java:833)

Additional context

No response

keithjpaulson commented 6 months ago

fwiw, I got a very similar error with kafka 3.6.0 using kafka-configs to update the keystore

[2024-04-24 21:45:58,774] ERROR Encountered metadata publishing fault: Error updating node with new configuration: listener.name.SSL.ssl.key.password -> [hidden],listener.name.SSL.ssl.keystore.location -> /etc/cert.bcfks in MetadataDelta up to 5940236 (org.apache.kafka.server.fault.LoggingFaultHandler)
org.apache.kafka.common.config.ConfigException: Validation of dynamic config update of SSLFactory failed: org.apache.kafka.common.KafkaException: Failed to load SSL keystore /etc/cert.bcfks of type BCFKS

BCFKS keystore instead of JKS; upon restarting kafka, the new keystore was used without issue.

I would add a 4th option, possibly a kafka bug?

You may want to try that same operation via kafka-configs to see if it is the UI or Kafka itself.

EDIT: Kafka bug. https://issues.apache.org/jira/browse/KAFKA-12534. Keystores can be changed, but the passwords CANNOT
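
Added example, not part of the thread and not kafka-ui code: one way to turn the two rejected-update messages logged in this issue into the specific notice the submitter asks for, instead of a bare 'Bad request'. The names `diagnose` and `Diagnosis` are hypothetical; the sample strings are constructed from the log text above with the stack frames dropped.

```python
import re
from typing import NamedTuple

# Patterns for the broker messages quoted in this issue.
RESOURCE = re.compile(r"ConfigResource\(type=(\w+), name='([^']*)'\)")
NOT_DYNAMIC = re.compile(r"Cannot update these configs dynamically: Set\(([^)]*)\)")
KEYSTORE = re.compile(r"Failed to load SSL keystore (\S+) of type (\w+)")

class Diagnosis(NamedTuple):
    kind: str       # "read_only_config", "keystore_validation" or "unknown"
    resource: str   # e.g. "BROKER 1"; empty when the message names none
    detail: tuple   # config names, or (keystore path, store type)
    hint: str       # text a UI could show instead of a bare "Bad request"

def diagnose(message: str) -> Diagnosis:
    """Hypothetical helper: classify one rejected config-update message."""
    res = RESOURCE.search(message)
    resource = f"{res.group(1)} {res.group(2)}" if res else ""
    m = NOT_DYNAMIC.search(message)
    if m:
        names = tuple(n.strip() for n in m.group(1).split(",") if n.strip())
        return Diagnosis("read_only_config", resource, names,
                         "Cannot be changed at runtime; edit the broker "
                         "properties file and restart the broker.")
    m = KEYSTORE.search(message)
    if m and "dynamic config update of SSLFactory failed" in message:
        return Diagnosis("keystore_validation", resource, m.groups(),
                         "The broker could not load this keystore while "
                         "validating the update; check path, type and "
                         "passwords on the broker host.")
    return Diagnosis("unknown", resource, (), "Unrecognized; show raw message.")

# Constructed samples: message text from the logs above, stack frames dropped.
PREFIX = "Invalid config value for resource ConfigResource(type=BROKER, name='1'): "
SAMPLES = [
    PREFIX + "Validation of dynamic config update of SSLFactory failed: "
    "org.apache.kafka.common.KafkaException: Failed to load SSL keystore "
    "/opt/sslpki/keystore.jks of type JKS",
    PREFIX + "Cannot update these configs dynamically: "
    "Set(replication.quota.window.size.seconds)",
    "Validation of dynamic config update of SSLFactory failed: "
    "org.apache.kafka.common.KafkaException: Failed to load SSL keystore "
    "/etc/cert.bcfks of type BCFKS",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(diagnose(sample))
```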